Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 12 Configuring Traffic Policies
Configuring Actions Lists
CipherKey
This field appears only when the Request field is set to Session. Select the following session
parameters to insert into the HTTP request:
• Cipher-Key-Size—Symmetric cipher key size.
• Cipher-Name—Symmetric cipher suite name.
• Cipher-Use-Size—Symmetric cipher use size.
• Id—SSL Session ID. The default is 0.
• Protocol-Version—Version of SSL or TLS.
• Step-Up—Use of SGC or StepUp cryptography to increase the level of security by using 128-bit
encryption.
• Verify-Result—SSL session verify result. Possible values are as follows:
  – ok—The SSL session is established.
  – certificate is not yet valid—The client certificate is not yet valid.
  – certificate is expired—The client certificate has expired.
  – bad key size—The client certificate has a bad key size.
  – invalid not before field—The client certificate notBefore field is in an unrecognized format.
  – invalid not after field—The client certificate notAfter field is in an unrecognized format.
  – certificate has unknown issuer—The client certificate issuer is unknown.
  – certificate has bad signature—The client certificate contains a bad signature.
  – certificate has bad leaf signature—The client certificate contains a bad leaf signature.
  – unable to decode issuer public key—The ACE is unable to decode the issuer public key.
  – unsupported certificate—The client certificate is not supported.
  – certificate revoked—The client certificate has been revoked.
  – internal error—An internal error exists.
For more information, see the SSL Guide, Cisco ACE Application Control Engine.
Value
This field appears only when the Request field is set to either Client-Certificate or Server-Certificate.
Choose one of the following options:
• N/A—Specifies that the selected algorithm or cipher key is inserted without adding a prefix to it
or renaming it.
• Prefix—Enables you to specify a prefix string to place before the specified certificate or session
field name. For example, if you specify the prefix Acme-SSL for the SSL session field name
Cipher-Name, then the field name becomes Acme-SSL-Session-Cipher-Name.
• Rename—Enables you to specify a new name for the specified certificate or session field name.
Prefix
This field appears only when the Value field is set to Prefix. Enter a quoted text string to place before
the specified certificate or session field name. The maximum combined number of prefix string and
field name characters that the ACE permits is 32.
Rename
This field appears only when the Value field is set to Rename. Enter a new name for the specified
certificate or session field name. The name must be an unquoted text string with no spaces. The
maximum number of field name string characters that the ACE permits is 32.
Table 12-37 SSL Header Insert Configuration Window Fields (continued)
Header Action Field Description / Action
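The following Python sketch is an added example, not code from the Cisco guide or the ACE. It shows how a server behind the ACE could compute the header name to expect for a session field and fail closed on the Verify-Result value. Assumptions: the default header name is "Session-" plus the field name (inferred from the Acme-SSL example above), the 32-character limit is applied to the whole resulting name as the stricter reading, and the function names and sample headers are hypothetical.

```python
MAX_NAME_LEN = 32  # limit the guide states for Prefix and Rename
SESSION_FIELDS = {"Cipher-Key-Size", "Cipher-Name", "Cipher-Use-Size", "Id",
                  "Protocol-Version", "Step-Up", "Verify-Result"}
# Verify-Result values listed in the table; only "ok" means success.
VERIFY_RESULTS = {
    "ok", "certificate is not yet valid", "certificate is expired",
    "bad key size", "invalid not before field", "invalid not after field",
    "certificate has unknown issuer", "certificate has bad signature",
    "certificate has bad leaf signature",
    "unable to decode issuer public key", "unsupported certificate",
    "certificate revoked", "internal error",
}


def header_name(field, value="N/A", text=""):
    """Return the header name a backend should expect for a session field."""
    if field not in SESSION_FIELDS:
        raise ValueError(f"unknown session field: {field}")
    default = "Session-" + field  # assumption: inferred from the guide's example
    if value == "N/A":
        return default
    if value not in ("Prefix", "Rename"):
        raise ValueError(f"unknown Value option: {value}")
    if not text:
        raise ValueError(f"{value} requires a non-empty string")
    if value == "Rename" and any(c.isspace() for c in text):
        raise ValueError("Rename must not contain spaces")
    name = text if value == "Rename" else f"{text}-{default}"
    # Assumption: count the whole resulting name against the 32-character limit.
    if len(name) > MAX_NAME_LEN:
        raise ValueError(f"{name!r} has {len(name)} characters, limit {MAX_NAME_LEN}")
    return name


def check_verify_result(headers, name):
    """Fail closed: accept only a single header whose value is exactly 'ok'."""
    values = [v.strip() for k, v in headers if k.lower() == name.lower()]
    if len(values) != 1:
        return False, ("missing" if not values else "duplicated")
    if values[0] not in VERIFY_RESULTS:
        return False, "undocumented value"
    return values[0] == "ok", values[0]


if __name__ == "__main__":
    expected = header_name("Verify-Result", "Prefix", "Acme-SSL")
    # Constructed request headers, as a list of (name, value) pairs.
    sample = [("Host", "app.example"), (expected, "certificate is expired")]
    print(expected, check_verify_result(sample, expected))
```

The returned reason string is suitable for logging, so rejected requests can be tied back to the specific Verify-Result value listed in the table.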